Monday, April 21, 2014

Lavabit, Encryption and Contempt

This post examines an opinion the U.S. Court of Appeals for the 4th Circuit recently issued in a case involving a criminal investigation and the imposition of sanctions for contempt: In re Under Seal, 2014 WL 1465749 (2014). The judge who wrote the opinion for the court begins by outlining how the case arose:

Lavabit LLC is a limited liability company that provided
email service. Ladar Levison is the company's sole and managing member.

In 2013, the United States sought to obtain
certain information about a target in a criminal
investigation. To further that goal, the Government obtained court orders under
both the Pen/Trap Statute, 18 U.S. Code §§ 3123 - 3137, and the Stored Communications Act, 18 U.S. Code §§ 2701 - 2712 requiring Lavabit to
turn over particular information related to the target. When Lavabit and
Levison failed to comply with those orders, the district court held them in
contempt and imposed monetary sanctions. Lavabit and Levison now appeal the sanctions.

In re Under Seal, supra. In a footnote, the judge explains that “[b]ecause of the underlying criminal investigation, portions of the record, including the target’s identity, are sealed.” In re Under Seal, supra.

The judge then explains that the case concerns the
encryption processes Lavabit

used while providing its email service.
Encryption describes the process through which readable data, often called
`plaintext,’ is converted into `ciphertext,’ an unreadable jumble of letters
and numbers. Decryption describes the reverse process of changing ciphertext
back into plaintext. Both processes employ mathematical algorithms involving
`keys,’ which facilitate the change of plaintext into ciphertext and back
again.

Lavabit employed two stages of encryption
for its paid subscribers: storage encryption and transport encryption. Storage
encryption protects emails and other data that rests on Lavabit's servers.
Theoretically, no person other than the email user could access the data once
it was so encrypted. By using storage encryption, Lavabit held a unique market
position in the email industry, as many providers do not encrypt stored data.

Although Lavabit's use of storage
encryption was novel, this case primarily concerns Lavabit's second stage of encryption,
transport encryption. This more common form of encryption protects data as it
moves in transit between the client and the server, creating a protected
transmission channel for internet communications. Transport encryption protects
not just email contents, but also usernames, passwords, and other sensitive
information as it moves. Without this type of encryption, internet
communications move exposed en route to their destination, allowing outsiders
to `listen in.’ Transport encryption also authenticates -- that is, it helps
ensure that email clients and servers are who they say they are, which in turn
prevents unauthorized parties from exploiting the data channel.

Like many online companies, Lavabit
used an industry-standard protocol called SSL (short for `Secure Sockets Layer’)
to encrypt and decrypt its transmitted data. SSL relies on public-key or
asymmetric encryption, in which two separate but related keys are used to
encrypt and decrypt the protected data. One key is made public, while the other
remains private. In Lavabit's process, email users would have access to
Lavabit's public keys, but Lavabit would retain its protected, private keys.
This technology relies on complex algorithms, but the basic idea is akin to a
self-locking padlock: if Alice wants to send a secured box to Bob, she can lock
the box with a padlock (the public key) and Bob will open it with his own key
(the private key). Anyone can lock the padlock, but only the key-holder can
unlock it.

The security advantage that SSL offers disappears
if a third party comes to possess the private key. . . . [A] third party
holding a private key could read the encrypted communications tied to that key
as they were transmitted. In some circumstances, a third party might also use
the key to decrypt past communications (although some available technologies
can thwart that ability). And, with the private key in hand, the third party
could impersonate the server and launch a man-in-the-middle attack.

When a private key becomes anything
less than private, more than one user may be compromised. Like some other email
providers, Lavabit used a single set of SSL keys for all its various
subscribers for technological and financial reasons. Lavabit in particular
employed only five key-pairs, one for each of the mail protocols it supported. As a result, exposing one key-pair could affect all of Lavabit's
estimated 400,000–plus email users.

In
re Under Seal, supra.
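The passage above makes three technical claims that are easier to see in code than in the padlock analogy: a third party holding the server's private key can read recorded traffic, "some available technologies" stop that for past sessions, and one key set covering every subscriber means one leak exposes them all. The Go program below is an added example written for this post, not code from the opinion, from Lavabit, or from any TLS library. It records one session that uses RSA key transport (the SSL/TLS mode the opinion describes, where the server's long-term key unwraps the session secret) and one that uses ephemeral X25519 Diffie-Hellman, then hands the server's private key to a passive observer. Its key schedule (a SHA-256 of the shared secret), record layer (AES-256-GCM), the omitted handshake signature, the 2048-bit demo key and the sample record are all simplifications and constructed data, not Lavabit's or TLS's exact mechanics.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Recording is what a passive tap in front of the server keeps from one
// session: the key-exchange message and the encrypted data. With RSA key
// transport that message is the premaster secret encrypted to the server's
// long-term public key; with ECDHE it is only the client's one-time public share.
type Recording struct {
	KeyExchange, Nonce, Ciphertext []byte
}

// check panics on setup failures (key generation, CSPRNG) that are not the point here.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	_, err := rand.Read(b)
	check(err)
	return b
}

// recordCipher stands in for the TLS key schedule and record layer: hash the
// shared secret to an AES-256 key (assumption: plain SHA-256, not the real
// PRF/HKDF) and use it with GCM.
func recordCipher(secret []byte) cipher.AEAD {
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	return gcm
}

// RSASession models the SSL/TLS RSA key exchange: the client chooses the
// premaster secret and sends it encrypted under the server's long-term key.
func RSASession(serverPub *rsa.PublicKey, msg []byte) Recording {
	premaster := randomBytes(32)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, premaster, nil)
	check(err)
	gcm := recordCipher(premaster)
	nonce := randomBytes(gcm.NonceSize())
	return Recording{KeyExchange: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
}

// ECDHESession models a forward-secret handshake: both sides use fresh X25519
// keys, and the long-term key never touches the shared secret (in real TLS it
// only signs the server's share; that signature is omitted here).
func ECDHESession(msg []byte) Recording {
	curve := ecdh.X25519()
	clientEph, err := curve.GenerateKey(rand.Reader)
	check(err)
	serverEph, err := curve.GenerateKey(rand.Reader)
	check(err)
	shared, err := serverEph.ECDH(clientEph.PublicKey())
	check(err)
	gcm := recordCipher(shared)
	nonce := randomBytes(gcm.NonceSize())
	// Both ephemeral private keys go out of scope on return; only the client's
	// public share was ever on the wire, so that is all the tap can keep.
	return Recording{KeyExchange: clientEph.PublicKey().Bytes(), Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
}

// DecryptWithServerKey is the opinion's third party: it holds the server's
// long-term private key and a recording, nothing else. All that key can do is
// unwrap an RSA-encrypted premaster; an ECDHE recording gives it nothing to unwrap.
func DecryptWithServerKey(serverPriv *rsa.PrivateKey, rec Recording) ([]byte, error) {
	premaster, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, rec.KeyExchange, nil)
	if err != nil {
		return nil, fmt.Errorf("key-exchange message is not RSA-wrapped, private key does not help: %w", err)
	}
	return recordCipher(premaster).Open(nil, rec.Nonce, rec.Ciphertext, nil)
}

// Demo runs one session of each kind, gives the adversary the server's
// long-term key, and reports which recording it could read.
func Demo() (rsaReadable, ecdheReadable bool) {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	msg := []byte("constructed sample record: user logged in from 192.0.2.10") // made-up, not real traffic
	rsaRec := RSASession(&serverKey.PublicKey, msg)
	ecdheRec := ECDHESession(msg)
	p1, err1 := DecryptWithServerKey(serverKey, rsaRec)
	p2, err2 := DecryptWithServerKey(serverKey, ecdheRec)
	return err1 == nil && bytes.Equal(p1, msg), err2 == nil && bytes.Equal(p2, msg)
}

func main() {
	rsaReadable, ecdheReadable := Demo()
	fmt.Println("RSA key-transport session readable with the leaked key:", rsaReadable)
	fmt.Println("ECDHE session readable with the leaked key:", ecdheReadable)
}
```

The leaked key reads the first recording and fails on the second, because the second recording holds only the client's one-time public share. This is also why the single key set serving all 400,000-plus users matters: in the RSA mode, one private key unwraps every subscriber's session, past and future, and there is no way to hand over a key that works for the one target but not for the rest. Three caveats a practitioner should keep in mind. Forward secrecy protects only recordings made before the key leaked, and only against a passive observer. An active third party holding the long-term key can still sign fresh ephemeral shares and impersonate the server in new ECDHE handshakes, which is the man-in-the-middle risk the opinion names; rotating the key and revoking the certificate is the only remedy for that. And which mode a real server uses is a configuration choice, the cipher suites it offers, not a property of SSL itself.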

That brings us to the case itself. The opinion explains that on June 28, 2013,
the

Government sought and obtained an order
(`the Pen/Trap Order’) from a magistrate judge authorizing the placement of a
pen register and trace-and-trap device on Lavabit's system. This `pen/trap’
device is intended to allow the Government to collect certain information, on a
real-time basis, related to the specific investigatory target's Lavabit email
account. In accordance with the
Pen/Trap Statute, . . . the
Pen/Trap Order permitted the Government to `capture all non-content dialing,
routing, addressing, and signaling information . . . sent from or sent to’ the
target's account. . . .

In other words, the Pen/Trap Order authorized the
Government to collect metadata relating
to the target's account, but did not allow the capture of the contents of the
target's emails. The Pen/Trap Order further required Lavabit to `furnish [to
the Government] . . . all information, facilities, and technical assistance
necessary to accomplish the installation and use of the pen/trap device
unobtrusively and with minimum interference.’ . . .

On the same day the Pen/Trap Order
issued, FBI agents met with Levison, who indicated he did not intend to comply
with the order. Levison informed the agents he could not provide the requested
information because the target-user `had enabled Lavabit's encryption
services,’ presumably referring to Lavabit's storage encryption. . . . But, at
the same time, Levison led the Government to believe he `had the technical
capability to decrypt the [target's] information.’ . . . Nevertheless, Levison
insisted he would not exercise that ability because `Lavabit did not want to
“defeat [its] own system. . . . ”’

[T]he Government obtained an additional
order that day compelling Lavabit to comply with the Pen/Trap Order. This `June
28 Order,’ again issued by a magistrate judge, instructed Lavabit to `provide
the [FBI] with unencrypted data pursuant to the [Pen/Trap] Order’ and reiterated
that Lavabit was to provide `any information, facilities, or technical
assistance . . . under the control of Lavabit . . . [that was] needed to provide the FBI with the
unencrypted data.’ . . . Further, the June 28 Order put Lavabit and Levison on
notice that any `[f]ailure to comply’ could result in `any penalty within the
power of the Court, including the possibility of criminal contempt of Court.’ .
. .

In
re Under Seal, supra.

The opinion says that “[o]ver the next eleven days, the Government attempted to talk with Levison about implementing the Pen/Trap Order”, but Levison “ignored the FBI's repeated requests to confer and did not give the Government the unencrypted data the June 28 Order required.” In re Under Seal, supra. “As each day passed, the Government lost forever the ability to collect the target-related data for that day.” In re Under Seal, supra. “Because Lavabit refused to comply with the prior orders,” the

Government obtained an order to show cause from the
district court on July 9. The show cause order directed Lavabit and Levison, individually,
to appear and `show cause why Lavabit LLC ha[d] failed to comply with the
orders entered June 28, 2013[ ] in this matter and why [the] Court should not
hold Mr. Levison and Lavabit LLC in contempt for its disobedience and resist[a]nce
to these lawful orders.’ . . .

Entry of the show cause order spurred a conference
call between Levison, his counsel, and representatives from the Government on
July 10. During that call, the parties discussed how the Government could
install the pen/trap device, what information the device could capture, and how
the Government could view and preserve that information. In addition, the
Government asked whether Levison would provide the keys necessary to decrypt
the target's encrypted information. Although the Government again stressed that
it was permitted to collect only non-content data, neither Levison nor his
counsel indicated whether Lavabit would allow the Government to install and use
the pen/trap device.

On July 13, 2013, four days after the show cause order
issued, Levison contacted the Government with his own proposal as to how he
would comply with the court's orders. In particular, Levison suggested that
Lavabit would itself collect the Government's requested data:

I now believe it would be possible to capture the
required data ourselves and provide it to the FBI. Specifically the information
we'd collect is the login and subsequent logout date and time, the IP address
used to connect to the subject email account and [several] non-content headers
. . . from any future emails sent or received using the subject account. . . . Note
that additional header fields could be captured if provided in advance of my
implementation effort.

. . . Levison conditioned his proposal with a
requirement that the Government pay him $2,000 for his services. More
importantly, [he] intended to provide the data only `at the conclusion of the
60[-]day period required by the [Pen/Trap] Order . . . [ or] intermittently . .
. as [ his] schedule allow[ed].’ If the Government wanted daily updates,
Levison demanded an additional $1,500.

The Government rejected Levison's proposal,
explaining that it needed `real-time transmission of results.’ . . . Moreover,
the Government would have no means to verify the accuracy of the information Lavabit
proposed to provide -- a concerning limit given Lavabit's apparent hostility
toward the Government. Levison responded by insisting that the Pen/Trap Order
did not require real-time access, but did not otherwise attempt to comply with
the Pen/Trap Order or the June 28 Order.

In
re Under Seal, supra.

On July 26, Levison “appeared [for the show cause hearing] before the district court pro se, on behalf of himself and Lavabit”. In re Under Seal, supra. When he was asked if he intended to “comply with the Pen/Trap Order,” Levison said “he had `always agreed to the installation of the pen register device.’” In re Under Seal, supra. But he “objected to turning over his private SSL encryption keys `because that would compromise all of the secure communications in and out of [his] network, including [his] own administrative traffic.’” In re Under Seal, supra. He also “maintained `[t]here was never an explicit demand [from the Government] that [he] turn over the keys.’” In re Under Seal, supra.

After the show cause hearing,
Lavabit did permit the Government to install a pen/trap device. But, without
the encryption keys, much of the information transmitted to and from Lavabit's
servers remained encrypted, indecipherable, and useless. The pen/trap device was
therefore unable to identify what data within the encrypted data stream was
target-related and properly collectable.

In
re Under Seal, supra.

On August 1, the U.S. District Court Judge who had the case held another hearing and “entered an order . . . directing Lavabit to turn over its encryption keys” by “5:00 pm on August 2, 2013.” In re Under Seal, supra. The opinion says Lavabit “dallied and did not comply” with the order until “[j]ust before the 5:00 pm August 2 deadline,” when Levison provided “the FBI with an 11–page printout containing largely illegible characters in 4–point type, which he represented to be Lavabit's encryption keys.” In re Under Seal, supra.

“The Government instructed [him] to provide the keys in an industry-standard electronic format by the morning of August 5” but he “did not respond.” In re Under Seal, supra. On August 5, the government moved for sanctions against Levison and Lavabit for their “continuing `failure to comply’” with the judge’s order. In re Under Seal, supra. The motion asked the court to award “penalties of $5,000 a day” until Lavabit provided the encryption keys to the Government. In re Under Seal, supra. Levison turned over the keys two days later, by which time “six weeks of data regarding the target had been lost.” In re Under Seal, supra.

Lavabit and Levison appealed the order to the Court of Appeals for the 4th Circuit, but they lost. In re Under Seal, supra. The court began its analysis of their argument on appeal by noting that when they were before the district court judge,

Lavabit failed to challenge the
statutory authority for the Pen/Trap Order, or the order itself, in any way.
Yet on appeal, Lavabit suggests that the district court's demand for the
encryption keys required more assistance from it than the Pen/Trap Statute
requires. Lavabit never mentioned or alluded to the Pen/Trap Statute below,
much less the district court's authority to act under that statute. In fact,
with the possible exception of an undue burden argument directed at the seizure
warrant, Lavabit never challenged the district court's authority to act under
either the Pen/Trap Statute or the [Stored Communications Act].

In
re Under Seal, supra.

The Court of Appeals then explained that “[o]ur settled rule is simple: `[a]bsent exceptional circumstances, . . . we do not consider issues raised for the first time on appeal.’” In re Under Seal, supra (quoting Robinson v. Equifax Info. Services, LLC, 560 F.3d 234 (U.S. Court of Appeals for the 4th Circuit 2009)). It noted that it follows this rule because holding that the failure to raise an issue below waives the litigant’s right to raise it on appeal fosters “respect for the lower court”, “avoids unfair surprise to the other party”, and “acknowledges the need for finality in litigation and conservation of judicial resources.” In re Under Seal, supra. It also agreed with the U.S. Court of Appeals for the 3rd Circuit, which held that issue waiver rules “`prevent parties from getting two bites at the apple by raising two distinct arguments’” before two different courts. In re Under Seal, supra (quoting In re Diet Drugs Product Liability Litigation, 706 F.3d 217 (U.S. Court of Appeals for the 3rd Circuit 2013)).

The Court of Appeals for the 4th Circuit
also pointed out that

. . . waiver principles apply
with equal force to contempt proceedings. . . . If anything, `[t]he
axiom that an appellate court will not ordinarily consider issues raised for
the first time on appeal takes on added significance in the context of contempt.’ In
re Bianchi, 542 F.2d 98 (U.S. Court of Appeals for the 1st Circuit 1976). After
all, `[d]enying the court of which [a party] stands in contempt the opportunity
to consider the objection or remedy is in itself a contempt of [that court's]
authority and an obstruction of its processes.’ In re Bianchi, supra.

The Court of Appeals therefore rejected Lavabit’s and Levison’s argument that “it preserved an appellate challenge to the Pen/Trap Order when Levison objected to turning over the encryption keys at the initial show cause hearing.” In re Under Seal, supra. It noted that

[i]n making his statement against
turning over the encryption keys to the Government, Levison offered only a
one-sentence remark: `I have only ever objected to turning over the SSL keys
because that would compromise all of the secure communications in and out of my
network, including my own administrative traffic.’ . . .

This statement -- which we recite
here verbatim -- constituted the sum total of the only objection Lavabit ever raised
to the turnover of the keys under the Pen/Trap Order.

We cannot refashion this vague
statement of personal preference into anything remotely close to the argument
that Lavabit now raises on appeal: a statutory-text-based challenge to the
district court's fundamental authority under the Pen/Trap Statute. Levison's
statement to the district court simply reflected his personal angst over
complying with the Pen/Trap Order, not his present appellate argument that
questions whether the district court possessed the authority to act at all.

In re Under Seal, supra.

For these and other reasons, the Court of Appeals
held that

[i]n view of Lavabit's waiver of
its appellate arguments by failing to raise them in the district court, and its
failure to raise the issue of fundamental or plain error review, there is no
cognizable basis upon which to challenge the Pen/Trap Order. The district court
did not err, then, in finding Lavabit and Levison in contempt once they
admittedly violated that order. The judgment of the district court is therefore
. . . AFFIRMED.

In re Under Seal, supra.

As this story notes, Lavabit was Edward Snowden’s email provider. You can read more about the court’s decision here, and you can find the opinion here.